8844044

Systems and Methods for Implementing and Scoring Computer Network Defense Exercises

Published: September 23, 2014
Assignee: not available in USPTO data we have

Patent Claims
17 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 1

Original Legal Text

1. A process for facilitating a client system defense training exercise: sending a registration request message by the client system to at least one first server for registering the client computer with the at least one first server; sending a profile message by the at least one first server to the client system in response to successful registration by the client system, the profile message including a list of client system vulnerabilities with associated vulnerability identifiers (IDs); sending a health message by the client system to the at least one first server at predetermined intervals, the health message including information regarding at least one of client system CPU, memory, hard disk, network and interfaces; sending a vulnerability status message by the client system to the at least one first server each time one of the vulnerabilities on the list of vulnerabilities has been identified, exploited or fixed, the vulnerability status messages including the associated vulnerability ID for each vulnerability; sending a firewall message by the client system to the at least one first server indicating client system firewall changes including firewall up, firewall down or no firewall; storing details from the profile message, one or more health messages, firewall message and one or more vulnerability status messages in at least one database associated with the first server; accessing the details stored in the at least one database by at least one second server; applying a set of scoring rules to the accessed details by the at least one second server to determine an objective score for one or more client system users that is indicative of the one or more client system user's ability to identify one or more of the vulnerabilities of the client system, exploit one or more of the vulnerabilities of the client system or defend the client system against one or more of the vulnerabilities.

Plain English Translation

A system simulates a network defense training exercise. A client computer registers with a server, providing its identity. The server responds with a list of vulnerabilities present on the client, each with a unique ID. The client then periodically sends health reports to the server, including CPU, memory, disk, network, and interface usage. When a vulnerability is identified, exploited, or fixed, the client sends a status message including the relevant vulnerability ID. The client also reports firewall status changes (up, down, or no firewall). The server stores all this data. A second server accesses this data and applies scoring rules to determine a score for the user based on their ability to identify, exploit, or defend against the vulnerabilities.

Claim 2

Original Legal Text

2. The process according to claim 1, wherein the registration request message includes one or more of the following: client name, client network information, operating system information, processor information.

Plain English Translation

The registration process from the defense training system includes the client sending its name, network information, operating system details, and processor information to the server during the initial registration request. This allows the server to properly identify and categorize the client within the training exercise environment.

Claim 3

Original Legal Text

3. The process according to claim 1, further comprising: changing the predetermined interval at which the client computer sends a health message by sending a throttle message by the at least one first server to the client computer indicating a new predetermined interval.

Plain English Translation

In the defense training system, the server can dynamically adjust how often the client sends health reports. The server sends a "throttle message" to the client, instructing it to use a new interval for sending these reports. This allows the server to manage network load and adjust the fidelity of the health monitoring data.

Claim 4

Original Legal Text

4. The process according to claim 1, wherein the CPU information includes percentage of CPU used, the memory information includes percent of memory used, the interface information includes upload and download usage data.

Plain English Translation

In the defense training system, the client's health reports include detailed CPU usage as a percentage, memory usage as a percentage, and interface usage with upload and download data amounts. This provides the server with a granular view of the client's resource utilization during the training exercise.

Claim 5

Original Legal Text

5. The process according to claim 1, further comprising: sending a boot message by the client system to the at least one first server indicating when the client is shutting down, rebooting or starting up.

Plain English Translation

The defense training system involves the client sending a boot message to the server when it shuts down, reboots, or starts up. This allows the server to track client availability and properly account for downtime in the scoring process.

Claim 6

Original Legal Text

6. The process according to claim 1, further comprising: sending a services message by the client system to the at least one first server indicating when a client service is manually stopped, started or restarted.

Plain English Translation

In the defense training system, the client sends service messages to the server when a client service is manually stopped, started, or restarted. This allows the server to monitor changes in client service states that could indicate a defensive action or a compromise.

Claim 7

Original Legal Text

7. The process according to claim 1, further comprising: sending a request for vulnerabilities status message by the at least one first server to the client system.

Plain English Translation

The defense training system allows the server to request an immediate vulnerability status report from the client. This enables the server to gather up-to-date information on the state of vulnerabilities, rather than relying solely on the client's periodic updates.

Claim 8

Original Legal Text

8. The process according to claim 7, further comprising: sending a vulnerability status message from the client system to the at least one first server in response to the request for vulnerabilities status message, the vulnerability status message containing status for all vulnerabilities on the list of vulnerabilities, wherein status may be one of fixed and unfixed.

Plain English Translation

In response to the server's request for a vulnerability status report, the client sends a message containing the status of all known vulnerabilities (fixed or unfixed). This ensures the server receives a comprehensive and current assessment of the client's vulnerability state.

Claim 9

Original Legal Text

9. The process according to claim 1, wherein applying a set of scoring rules by the at least one second server includes applying a combination of one or more predetermined values and weights associated with each vulnerability.

Plain English Translation

The scoring system for the defense training exercise assigns scores by using predefined values and weights for each vulnerability. The scoring server combines these values and weights based on client actions to generate an overall score for each participant.

Claim 10

Original Legal Text

10. The process according to claim 1, wherein multiple users of the client system participate against one another in the defense training exercise.

Plain English Translation

The defense training system involves multiple users competing against each other on the same client system. This fosters collaboration and competition in identifying, exploiting, and fixing vulnerabilities.

Claim 11

Original Legal Text

11. The process according to claim 10, wherein at least a first of the multiple users is directed to exploit one or more client system vulnerabilities and at least a second of the multiple users is directed to fix the one or more client system vulnerabilities exploited by the at least a first of the multiple users.

Plain English Translation

In the multi-user defense training exercise, some users are assigned the role of attackers, tasked with exploiting system vulnerabilities. Other users are assigned the role of defenders, responsible for patching those same vulnerabilities.

Claim 12

Original Legal Text

12. The process according to claim 11, wherein the set of scoring rules is selected from the group consisting of: capture the flag scoring rules; computer network attack scoring rules; computer network defense scoring rules; forensics scoring rules; and data recovery scoring rules.

Plain English Translation

The scoring rules applied to the defense training exercise can be selected from various game formats, including capture the flag, computer network attack, computer network defense, forensics, and data recovery scoring methodologies.

Claim 13

Original Legal Text

13. A process for scoring a client system defense training exercise comprising: sending a profile message by a first server to a client system including at least one computer, the profile message including a list of client system vulnerabilities with associated vulnerability identifiers (IDs); performing at least one of the following by at least one user of the client system: identifying client system vulnerabilities, exploiting client system vulnerabilities, fixing exploited client system vulnerabilities; generating a vulnerability fixed message by the at least one user and sending to the first server each time one of the vulnerabilities on the list of vulnerabilities has been fixed, the vulnerability fixed messages including the associated vulnerability ID for each fixed vulnerability; generating a vulnerability exploited message by the at least one user and sending to the first server each time one of the vulnerabilities on the list of vulnerabilities has been exploited, the vulnerability exploited messages including the associated vulnerability ID for each exploited vulnerability; generating a vulnerability identified message by the at least one user and sending to the first server each time one of the vulnerabilities on the list of vulnerabilities has been identified, the vulnerability identified messages including the associated vulnerability ID for each identified vulnerability; storing details from the profile message and the one or more vulnerability fixed, exploited and identified messages in at least one database associated with the first server; accessing the details stored in the at least one database by a second server; and applying a set of scoring rules to the accessed details by the second server to determine an objective score for the at least one user that is indicative of the user's ability to identify, exploit or fix client system vulnerabilities; wherein multiple users of the client system participate against one another in the defense training exercise.

Plain English Translation

A system scores a network defense training exercise. A server provides a client with a list of vulnerabilities and their IDs. Users on the client then identify, exploit, or fix these vulnerabilities. When a vulnerability is fixed, exploited or identified, the client sends a message to the server including the vulnerability ID. A server stores these messages. Another server accesses this data and applies scoring rules to determine a score for each user, reflecting their ability to identify, exploit, or fix vulnerabilities. Multiple users compete against one another.

Claim 14

Original Legal Text

14. The process according to claim 13, wherein at least a first of the multiple users is directed to exploit one or more client system vulnerabilities and at least a second of the multiple users is directed to fix the one or more client system vulnerabilities exploited by the at least a first of the multiple users.

Plain English Translation

In the multi-user vulnerability training scoring system, at least one user acts as an attacker, exploiting vulnerabilities, while another user acts as a defender, fixing the exploited vulnerabilities. This simulates real-world scenarios and allows for competitive scoring based on both offensive and defensive actions.

Claim 15

Original Legal Text

15. The process according to claim 13, wherein the set of scoring rules is selected from the group consisting of: capture the flag scoring rules; computer network attack scoring rules; computer network defense scoring rule; forensics scoring rules; and data recovery scoring rules.

Plain English Translation

The scoring rules applied to the vulnerability training exercise are selectable from the following list of game formats: capture the flag, computer network attack, computer network defense, forensics, and data recovery scoring methodologies. This allows for flexible scoring approaches tailored to the specific training objectives.

Claim 16

Original Legal Text

16. The process according to claim 13, wherein applying a set of scoring rules by the at least one second server includes applying a combination of one or more predetermined values and weights associated with each vulnerability.

Plain English Translation

The scoring for the client defense training exercise includes assigning predetermined values and weights to each vulnerability. The scoring server uses a combination of these values and weights associated with the specific vulnerabilities to determine the overall user score, providing nuanced assessment.

Claim 17

Original Legal Text

17. A system for facilitating a client system defense training exercise: a client system having one or more subsystems configured for sending a registration request message by the client system to at least one first server for registering the client computer with the at least one first server; sending a health message to the at least one first server at predetermined intervals, the health message including information regarding at least one of client system CPU, memory, hard disk, network and interfaces; sending a vulnerability status message to the at least one first server each time one of the vulnerabilities on the list of vulnerabilities has been identified, exploited or fixed, the vulnerability status messages including the associated vulnerability ID for each vulnerability; sending a firewall message by the client system to the at least one first server indicating client system firewall changes including firewall up, firewall down or no firewall; at least one first server configured for sending a profile message to the client system in response to successful registration by the client system, the profile message including a list of client system vulnerabilities with associated vulnerability identifiers (IDs); at least one database for storing details from the profile message, one or more health messages, a firewall message and one or more vulnerability status messages; at least one second server configured for accessing the details stored in the at least one database and applying a set of scoring rules to the accessed details by the at least one second server to determine an objective score for one or more client system users that is indicative of the one or more client system user's ability to identify one or more of the vulnerabilities of the client system, exploit one or more of the vulnerabilities of the client system or defend the client system against one or more of the vulnerabilities.

Plain English Translation

A system facilitates network defense training. A client sends registration, health (CPU, memory, disk, network), vulnerability (identified, exploited, fixed), and firewall (up, down, none) messages to a first server. The first server sends a list of vulnerabilities to the client after registration. A database stores all messages. A second server accesses this data and scores users based on their ability to identify, exploit, and defend against vulnerabilities.

Patent Metadata

Filing Date

Unknown

Publication Date

September 23, 2014

Inventors

Scott Cruickshanks Kennedy
Carleton Royse Ayers II
Javier Godinez
Susan Fichera Banks
Myoki Elizabeth Spencer


Cite as: Patentable. “SYSTEMS AND METHODS FOR IMPLEMENTING AND SCORING COMPUTER NETWORK DEFENSE EXERCISES” (8844044). https://patentable.app/patents/8844044
